WiFi Hots(Honey)pots Go Mobile
Are you already having trouble preventing your enterprise Wi-Fi clients from connecting to some of the existing public Wi-Fi networks (e.g., T-Mobile, Google WiFi)?
Mobile Hotspot with an option to create an Open Network
Guess what – the latest Palm Pre Plus or Pixi Plus can be converted into a cool mobile hotspot. One can easily roam around with this pocket hotspot. (http://www.nytimes.com/2010/01/21/technology/personaltech/21pogue.html)
It is amazing as to how some of these cool technological advances can create new avenues for attacks. Suppose an employee or a visitor wishes to sneak-in a hotspot or a honeypot AP into your enterprise. If you are paraniod, you can possibly think of frisking him for an AP (before allowing him into your premises). But, can you go to the extent of preventing him from carrying a Palm into your enterprise?
I am sure software is available for pretty much all smartphone OS’s out there. Check out the following link Symbian S60, for example.
http://www.joiku.com/?action=products&mode=productDetails&product_id=310
Thanks Dan. Yep, a piece of client software will be valuable in handling this threat.
Techrepublic gives a good overview of Palm Pre Plus features: http://blogs.techrepublic.com.com/hiner/?p=3786&tag=nl.e101
Wow, now that’s an interesting use of a handheld device. Do you know of any ways to detect/monitor the cellular portions of this interaction, other than spectrum analysis?
How would you recommend blocking access to this type of hotspot when the client is not within range of the enterprise WIPS? I’m assuming a piece of client software?
Great post!